High Vulnerabilities

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d768a5

avaya -- session_border_controller_for_enterprise
  Description: A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x and 8.0 through 8.1.1.x.
  Published: 2021-04-23
  Source & Patch Info: CVE-2020-7034 CONFIRM

ibm -- spectrum_protect_backup-archive_client
  Description: IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.
  Published: 2021-04-26
  CVSS Score: 7.2
  Source & Patch Info: CVE-2021-20532 CONFIRM XF

ibm -- spectrum_protect_client
  Description: IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479.
  Published: 2021-04-26
  CVSS Score: 7.2
  Source & Patch Info: CVE-2021-29672 CONFIRM XF

inxedu -- inxedu
  Description: SQL Injection in com/inxedu/os/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
  Published: 2021-04-29
  CVSS Score: 7.5
  Source & Patch Info: CVE-2020-(number not legible) MISC

jquery-bbq_project -- jquery-bbq
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  CVSS Score: 7.5
  Source & Patch Info: CVE-2021-20086 MISC

manta -- safe-obj
  Description: Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-25928 MISC MISC

nec -- wg2600hs_firmware
  Description: Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
  Published: 2021-04-26
  CVSS Score: 10.0
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
  Published: 2021-04-27
  CVSS Score: 7.5
  Source & Patch Info: CVE-2019-25034 MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

pulsesecure -- pulse_connect_secure
  Description: Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
  Published: 2021-04-23
  CVSS Score: 7.5
  Source & Patch Info: (not legible)

purl_project -- purl
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-20089 MISC


Medium Vulnerabilities

acemetrix -- jquery-deparam
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-(number not legible) MISC
aterm -- wg2600hs_firmware
  Description: Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-20710 MISC MISC

avaya -- orchestration_designer
  Description: An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x versions before 7.2.3.
  Source & Patch Info: CVE-2020-7035 CONFIRM

avaya -- callback_assist
  Description: An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7.
  Published: 2021-04-23
  Source & Patch Info: CVE-2020-7036 CONFIRM

backbone-query-parameters_project -- backbone-query-parameters
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-20085 MISC

deltaww -- cncsoft-b
  Description: CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
  Source & Patch Info: CVE-2021-(number not legible) MISC

directum -- directum
  Description: Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
  Published: 2021-04-24
  Source & Patch Info: CVE-2021-31794 MISC MISC

gitlab -- gitlab
  Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in remote command execution.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-22205 MISC MISC CONFIRM

google -- chrome
  Description: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-30
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC GENTOO

google -- chrome
  Description: Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-30
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC GENTOO

google -- chrome
  Description: Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-30
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC GENTOO
google -- chrome
  Description: Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
  Published: 2021-04-26
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-21224 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
  Published: 2021-04-26
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-(number not legible) GENTOO

google -- chrome
  Description: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-26
  CVSS Score: 5.8
  Source & Patch Info: CVE-2021-(number not legible) GENTOO

google -- chrome
  Description: Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-26
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-21213 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
  Published: 2021-04-26
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-30
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-(number not legible) GENTOO

google -- chrome
  Description: Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21204 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-26
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-21203 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
  Published: 2021-04-26
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO
google -- chrome
  Description: Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21214 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21225 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21222 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21209 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21205 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
  Published: 2021-04-26
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-21208 MISC MISC DEBIAN GENTOO
google -- chrome
  Description: Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21210 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21211 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21215 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21216 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21217 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21218 MISC MISC DEBIAN GENTOO

google -- chrome
  Description: Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-21219 MISC MISC DEBIAN GENTOO

hornerautomation -- cscape
  Description: Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-(number not legible) MISC
hornerautomation -- cscape
  Description: Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-(number not legible) MISC

ibm -- informix_dynamic_server
  Description: IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
  Published: 2021-04-30
  CVSS Score: 4.6
  Source & Patch Info: CVE-2021-20515 XF CONFIRM

ibm -- planning_analytics
  Description: IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
  Published: 2021-04-26
  Source & Patch Info: CVE-2020-4562 XF CONFIRM

ibm -- spectrum_protect_plus
  Description: IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.
  Published: 2021-04-26
  CVSS Score: 5.0
  Source & Patch Info: CVE-2021-(number not legible) XF CONFIRM

ibm -- spectrum_protect_plus
  Description: IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information, as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.
  Published: 2021-04-26
  CVSS Score: 6.4
  Source & Patch Info: CVE-2021-20432 XF CONFIRM

jamovi -- jamovi
  Description: Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by the victim, the payload is triggered.
  Published: 2021-04-26
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-28079 MISC MISC

jquery-plugin-query-object_project -- jquery-plugin-query-object
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  Source & Patch Info: CVE-2021-(number not legible) MISC

jquery-sparkle_project -- jquery-sparkle
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-20084 MISC

minthcm -- minthcm
  Description: The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.
  Published: 2021-04-(day not legible)
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC

mootools -- mootools-more
  Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
  Published: 2021-04-23
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-20088 MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
  Published: 2021-04-27
  CVSS Score: 5.0
  Source & Patch Info: CVE-2019-25037 MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

ninetlabs -- unbound
  Description: Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
  Published: 2021-04-27
  Source & Patch Info: CVE-2019-(number not legible) MISC

pfsense -- pfsense
  Description: pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
  Published: 2021-04-28
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-27933 MISC

webmin -- webmin
  Description: Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
  Published: 2021-04-25
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-(number not legible) MISC

webmin -- webmin
  Description: Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
  Published: 2021-04-25
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-31761 MISC MISC MISC MISC

webmin -- webmin
  Description: Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
  Published: 2021-04-25
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-31762 MISC MISC MISC MISC

wireshark -- wireshark
  Description: Excessive memory consumption in the MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or a crafted capture file.
  Published: 2021-04-23
  CVSS Score: 5.0
  Source & Patch Info: CVE-2021-(number not legible) MISC MISC

xmlhttprequest-ssl_project -- xmlhttprequest-ssl
  Description: The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
  Published: 2021-04-23
  CVSS Score: 5.8
  Source & Patch Info: CVE-2021-31597 MISC MISC MISC
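The prototype-pollution entries in this bulletin (purl, jquery-bbq, safe-obj, jquery-deparam, backbone-query-parameters, jquery-plugin-query-object, jquery-sparkle, mootools-more) share one parser shape: a query string or object with bracketed keys such as a[b]=1 is expanded into nested objects by walking ordinary property access, so a key of __proto__[x] lands on Object.prototype. The following is an added example written for this page, not code from any of those projects; the parser, the hardened variant and every query string in it are constructed for the demonstration.

```javascript
// Added example, not code from purl, jquery-bbq, jquery-deparam,
// backbone-query-parameters, jquery-plugin-query-object, jquery-sparkle,
// mootools-more or safe-obj. It shows the parser shape those advisories
// share: bracket keys such as a[b]=1 are expanded into nested objects by
// walking plain property access, so a key of __proto__[x] reaches
// Object.prototype. All query strings used here are constructed.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// "a[b][c]" -> ["a", "b", "c"]; a key without brackets stays one segment.
function splitKey(key) {
  const m = /^([^[\]]+)((?:\[[^[\]]*\])*)$/.exec(key);
  if (!m) return [key];
  const parts = [m[1]];
  const bracket = /\[([^[\]]*)\]/g;
  let sub;
  while ((sub = bracket.exec(m[2])) !== null) parts.push(sub[1]);
  return parts;
}

// Decode "k=v&k2=v2" into [[path, value], ...] without interpreting keys.
function parsePairs(query) {
  const pairs = [];
  for (const pair of query.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawKey = eq < 0 ? pair : pair.slice(0, eq);
    const rawVal = eq < 0 ? '' : pair.slice(eq + 1);
    pairs.push([splitKey(decodeURIComponent(rawKey)), decodeURIComponent(rawVal)]);
  }
  return pairs;
}

// Vulnerable: intermediate containers are ordinary {} and the walk uses
// plain property access, so cur['__proto__'] is Object.prototype and the
// final assignment becomes visible on every object in the process.
function deparamVulnerable(query) {
  const result = {};
  for (const [path, value] of parsePairs(query)) {
    let cur = result;
    for (let i = 0; i < path.length - 1; i++) {
      if (typeof cur[path[i]] !== 'object' || cur[path[i]] === null) cur[path[i]] = {};
      cur = cur[path[i]];
    }
    cur[path[path.length - 1]] = value;
  }
  return result;
}

// Hardened: reject the three key names that can reach a prototype, build
// every container with a null prototype so there is no chain to climb, and
// only descend into own properties.
function deparamSafe(query) {
  const result = Object.create(null);
  for (const [path, value] of parsePairs(query)) {
    if (path.some((seg) => FORBIDDEN_KEYS.has(seg))) {
      throw new Error(`rejected query key: ${path.join('.')}`);
    }
    let cur = result;
    for (let i = 0; i < path.length - 1; i++) {
      const seg = path[i];
      if (!Object.prototype.hasOwnProperty.call(cur, seg) || typeof cur[seg] !== 'object') {
        cur[seg] = Object.create(null);
      }
      cur = cur[seg];
    }
    cur[path[path.length - 1]] = value;
  }
  return result;
}

// True when an earlier parse has already written the named property onto
// Object.prototype; useful as a post-condition in tests for such parsers.
function isPolluted(name) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, name);
}

if (typeof require !== 'undefined' && require.main === module) {
  const payload = '__proto__[polluted]=yes&a[b]=1';
  deparamVulnerable(payload);
  console.log('after vulnerable parse, ({}).polluted =', ({}).polluted);
  delete Object.prototype.polluted;
  try { deparamSafe(payload); } catch (e) { console.log('safe parser:', e.message); }
}
```

The key-name denylist alone is not enough in general (a parser that merges into objects with a normal prototype can still be reached through constructor.prototype when keys are not split the same way), which is why the hardened variant also uses null-prototype containers and checks for own properties before descending.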





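The xmlhttprequest-ssl entry above turns on a small option-handling mistake: copying a possibly-unset rejectUnauthorized field into the options object hands https.request a key that is present but undefined, which the advisory says is then treated as false rather than as the secure default. The following is an added example written for this page, not code from xmlhttprequest-ssl or from Node.js; the option builders, the review check and the hostnames in them are constructed.

```javascript
// Added example, not code from xmlhttprequest-ssl or Node.js. It models the
// option-handling defect the advisory describes: an options object built by
// copying a possibly-unset rejectUnauthorized field ends up with the key
// present and undefined, which is not the same as leaving validation at its
// default of true. The hardened builder only ever emits a boolean.
// Hostnames and paths below are constructed for the demonstration.

const DEFAULT_HTTPS_PORT = 443;

function baseOptions(urlString) {
  const url = new URL(urlString);
  return {
    host: url.hostname,
    port: url.port ? Number(url.port) : DEFAULT_HTTPS_PORT,
    path: url.pathname + url.search,
  };
}

// Vulnerable shape: the key is always written, so a caller that never set
// the option passes { rejectUnauthorized: undefined } to https.request.
function buildRequestOptionsVulnerable(urlString, userOpts = {}) {
  return { ...baseOptions(urlString), rejectUnauthorized: userOpts.rejectUnauthorized };
}

// Hardened shape: certificate validation stays on unless the caller passed
// the boolean false on purpose; undefined, null, 0 or "" keep the secure
// default instead of being forwarded.
function buildRequestOptionsSafe(urlString, userOpts = {}) {
  return {
    ...baseOptions(urlString),
    rejectUnauthorized: userOpts.rejectUnauthorized === false ? false : true,
  };
}

// Review check to run on any options object before it reaches https.request:
// a present rejectUnauthorized that is anything but the boolean true is
// treated as "validation off", which is the reading the advisory gives for
// an undefined value. An absent key is Node's default and counts as on.
function certificateValidationDisabled(options) {
  return Object.prototype.hasOwnProperty.call(options, 'rejectUnauthorized')
    && options.rejectUnauthorized !== true;
}

if (typeof require !== 'undefined' && require.main === module) {
  const target = 'https://api.example.test/v1/status';
  console.log('vulnerable builder disables validation:',
    certificateValidationDisabled(buildRequestOptionsVulnerable(target)));
  console.log('safe builder disables validation:',
    certificateValidationDisabled(buildRequestOptionsSafe(target)));
}
```

The same check is worth running against any wrapper that forwards TLS options from user configuration: the bug is not in the value the user chose but in forwarding a value the user never chose.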
dotcms -- dotcms
  Description: Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
  Published: 2021-04-23
  Source & Patch Info: CVE-2020-17542 MISC

ibm -- spectrum_protect_client
  Description: IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934.
  Published: 2021-04-26
  Source & Patch Info: CVE-2021-(number not legible)

ibm -- spectrum_protect_plus
  Description: IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.
  Published: 2021-04-26

vaadin -- flow
  Description: Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows an attacker to guess a security token via a timing attack.
  Published: 2021-04-23

vaadin -- flow
  Description: Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows an attacker to guess a security token for Fusion endpoints via a timing attack.

vaadin -- framework
  Description: Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows an attacker to guess a security token via a timing attack.
  Published: 2021-04-23
wowza -- streaming_engine
  Description: Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
  Published: 2021-04-23

wowza -- streaming_engine
  Description: Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.


Severity Not Yet Assigned

akuvox -- c315
  Description: Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).

ambarella -- oryx_rtsp_server
  Description: A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example.
  Published: 2021-04-30

ampache -- ampache
  Description: Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
  Published: 2021-04-30

ansible -- engine
  Description: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
  Published: 2021-04-29

apache -- maven
  Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom), which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
  Published: 2021-04-23

apache -- ofbiz
  Description: Apache OFBiz has unsafe deserialization prior to 17.12.07 version.
  Published: 2021-04-27

apache -- ofbiz
  Description: Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can perform an RCE attack.
  Published: 2021-04-27
apache -- ozone_cluster
  Description: The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys, thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. Improper Authorization vulnerability in __ COMPONENT ___ of Apache Ozone allows an attacker to __ IMPACT __. This issue affects Apache Ozone version 1.0.0 and prior versions.
  Published: 2021-04-27

apache -- superset
  Description: Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects, the URL shortener functionality would allow a malicious user to create a short URL for a dashboard that could convince the user to click the link.
  Published: 2021-04-27

apache -- tapestry
  Description: Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry 5.4.0 through 5.6.3, 5.7.0 and 5.7.1.
  Published: 2021-04-27
aruba -- 











A remote insecure deserialization vulnerability was 
discovered in Aruba AirWave Management 
Platform version(s) prior to 8.2.12.1. Aruba has 


2021-04- 

















&#XAO; 











released patches for AirWave Management 





Platform that address this security vulnerability. 


https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d768a5 








alnvave Management ploutr eased patches for AirWave Management = 
Platform that address this security vulnerability. 
A remote SQL injection vulnerability was 
discovered in Aruba AirWave Management 
aruba -- : : 2021-04- 
i Platform version(s) prior to 8.2.12.1. Aruba has 
ainwave_management_platiqiy. ased patches for AirWave Management = 
Platform that address this security vulnerability. 
A remote escalation of privilege vulnerability was 
discovered in Aruba AirWave Management 
aruba -- . . 2021-04- 
; Platform version(s) prior to 8.2.12.1. Aruba has 
alnvave management plate) eased patches for AirWave Management - 
Platform that address this security vulnerability. 
A remote XML external entity vulnerability was 
aruba -- discovered in Aruba AirWave Management 2021-04- 
airwave_management_platfoFtatform version(s) prior to 8.2.12.1. Aruba has 28 
&#xAO0; released patches for AirWave Management 
Platform that address this security vulnerability. 
A remote insecure deserialization vulnerability was 
aruba -- discovered in Aruba AirWave Management 2021-04- 
airwave_management_platfgFtatform version(s) prior to 8.2.12.1. Aruba has 28 
&#xAO0; released patches for AirWave Management 
Platform that address this security vulnerability. 
A remote URL redirection vulnerability was 
aruba -- discovered in Aruba AirWave Management 2021-04- 
airwave_management_platfgFtatform version(s) prior to 8.2.12.1. Aruba has 29 
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aruba -- 


aruba -- 








airwave_management_platfa 





A remote XML external entity vulnerability was 
discovered in Aruba AirWave Management 


airwave_management_platfoFtatform version(s) prior to 8.2.12.1. Aruba has 
&#XAD; 


released patches for AirWave Management 


Platform that address this security vulnerability. 


A remote authentication restriction bypass 

Vulnerability was discovered in Aruba AirWave 

We Platform version(s) prior to 8.2.12.1. 
ruba has released patches for AirWave 


2021-04- 
29 


2021-04- 
28 
































&#XAO; 








ClearPass Policy Manager that address this 








security vulnerability. 


https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d768a5 








eee Management Platform that address this security 
A remote unauthorized access vulnerability was 
aruba -- discovered in Aruba AirWave Management 2021-04- 
airwave_management_platfoFtatform version(s) prior to 8.2.12.1. Aruba has 29 
&#xAO0; released patches for AirWave Management 
Platform that address this security vulnerability. 
A remote unauthorized access vulnerability was 
aruba -- discovered in Aruba AirWave Management 2021-04- 
airwave_management_platfgFtatform version(s) prior to 8.2.12.1. Aruba has 29 
&#xAO0; released patches for AirWave Management 
Platform that address this security vulnerability. 
A remote XML external entity vulnerability was 
aruba -- discovered in Aruba AirWave Management 2021-04- 
airwave_management_platfoFtatform version(s) prior to 8.2.12.1. Aruba has 28 
&#xA0; released patches for AirWave Management 
Platform that address this security vulnerability. 
A remote disclosure of sensitive information 
vulnerability was discovered in Aruba ClearPass 
aruba -- Policy Manager version(s) prior to 6.9.5, 6.8.9, 2021-04- 
clearpass_policy_manager ||6.7.14-HF1. Aruba has released patches for Aruba 29 
ClearPass Policy Manager that address this 
security vulnerability. 
A remote disclosure of sensitive information 
Vulnerability was discovered in Aruba ClearPass 
aruba -- Policy Manager version(s) prior to 6.9.5, 6.8.9, 2021-04- 
clearpass_policy_manager ||6.7.14-HF1. Aruba has released patches for Aruba 29 
ClearPass Policy Manager that address this 
security vulnerability. 
A local escalation of privilege vulnerability was 
aruba -- discovered in Aruba ClearPass Policy Manager 2021-04- 
clearpass_policy_manager |\version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba 28 
&#xA0; has released patches for Aruba ClearPass Policy 
Manager that address this security vulnerability. 
A remote arbitrary command execution vulnerability 
ai iat hi discovered i ‘ae ee ae ‘4 re 
; anager version(s) prior to 6.9.5, 6.8.9, 6.7.14- -04- 
ee ae aa HF1. Aruba has released patches for Aruba 29 
, ClearPass Policy Manager that address this 
security vulnerability. 
A remote cross-site scripting (XSS) vulnerability 
ag eis Ne discovered i an mes oe - eapaaa 
: anager version(s) prior to 6.9.5, 6.8.9, 6.7.14- -04- 
Cesta ss policy manager HF1. Aruba has released patches for Aruba 29 
aruba -- clearpass_policy_manager
Description: A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Published: 2021-04-29

aruba -- clearpass_policy_manager
Description: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Published: 2021-04-29

aruba -- clearpass_policy_manager
Description: A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Published: 2021-04-29

aruba -- clearpass_policy_manager
Description: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Published: 2021-04-29

aruba -- clearpass_policy_manager
Description: A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Published: 2021-04-29

avaya -- equinox_conferencing
Description: A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.
Published: 2021-04-28

avaya -- equinox_conferencing
Description: An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.
Published: 2021-04-28

ave -- dominaplus
Description: AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
Published: 2021-04-28
Source & Patch Info: CVE-2020- EXPLOIT-DB MISC
ave -- dominaplus
Description: AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
Published: 2021-04-28

ave -- dominaplus
Description: AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
Published: 2021-04-28

aviatrix -- vpn_client
Description: Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
Published: 2021-04-29

babel -- babel
Description: Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code.
Published: 2021-04-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-
bind -- bind
Description: In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.
Published: 2021-04-29

bind -- bind
Description: In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
Published: 2021-04-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-29214 CONFIRM MLIST MLIST
bind -- bind
Description: In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
Published: 2021-04-29

binutils -- readelf
Description: A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
Published: 2021-04-29

browserlist -- browserlist
Description: The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Published: 2021-04-28

buffalo -- wsr-2533dhpl2, wsr-2533dhp3
Description: The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
Published: 2021-04-29

buffalo -- wsr-2533dhpl2, wsr-2533dhp3
Description: The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
Published: 2021-04-29

buffalo -- wsr-2533dhpl2, wsr-2533dhp3
Description: A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
Published: 2021-04-29
buffalo -- multiple_network_devices
Description: Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.
Published: 2021-04-28
buffalo -- multiple_routers
Description: Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.
Published: 2021-04-28

buffalo -- multiple_routers
Description: Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors.
Published: 2021-04-28
bundler -- bundler
Description: Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.
Published: 2021-04-29

cesanta -- mongooseos
Description: In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow.
Published: 2021-04-29

chamilo -- chamilo
Description: A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
Published: 2021-04-30

china -- mobile_an_lianbao
Description: Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
Published: 2021-04-29

china_mobile -- an_lianbao
Description: The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter.
Published: 2021-04-29

china_mobile -- an_lianbao_wf-1_router
Description: The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter.
Published: 2021-04-29

china_mobile -- an_lianbao_wf-1_router
Description: The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter.
Published: 2021-04-29

china_mobile -- an_lianbao_wf-a_router
Description: The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter.
Published: 2021-04-29

china_mobile -- an_lianbao_wf-a_router
Description: The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter.
Published: 2021-04-29
china_mobile -- an_lianbao_wf-a_router
Description: The api/ZRIptv/setIptvinfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter.
Published: 2021-04-29

china_mobile -- an_lianbao_wf-a_router
Description: The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter.
Published: 2021-04-29

cisco -- adaptive_security_appliance_software
Description: Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
Published: 2021-04-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-1445 CISCO

cisco -- adaptive_security_appliance_software
Description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.
Published: 2021-04-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-1493 CISCO

cisco -- adaptive_security_appliance_software
Description: A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS.
Published: 2021-04-29
cisco -- adaptive_security_appliance_software
Description: A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device.
Published: 2021-04-29

cisco -- adaptive_security_appliance_software
Description: Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
Published: 2021-04-29
Source & Patch Info: CVE-2021-

cisco -- adaptive_security_appliance_software
Description: A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials.
Published: 2021-04-29

cisco -- firepower_device_manager
Description: A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information or causing a partial denial of service (DoS) condition on the affected device.
Published: 2021-04-29
cisco -- firepower_device_manager
Description: A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state.
Published: 2021-04-29

cisco -- firepower_management_center
Description: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Published: 2021-04-29

cisco -- firepower_management_center
Description: A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the FMC Software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device.
Published: 2021-04-29

cisco -- firepower_management_center
Description: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Published: 2021-04-29
cisco -- firepower_management_center
Description: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Published: 2021-04-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-1457 CISCO

cisco -- firepower_management_center
Description: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Published: 2021-04-29

cisco -- firepower_threat_defense_software
Description: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.
Published: 2021-04-29

cisco -- firepower_threat_defense_software
Description: A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.
Published: 2021-04-29
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CiSCO -- 


cisco -- multiple_ products 
&#XAO; 


ckeditor -- ckeditor 
&#xAO; 


cloudengine -- 
multiple_devices 
&#XAO; 





cloudengine -- 
multiple_devices 
&#XAO; 





firepower_threat_defense_so 
&#XAO; 











A vulnerability in the CLI of Cisco Firepower Threat 
Defense (FTD) Software could allow an 
authenticated, local attacker to execute arbitrary 
commands with root privileges on the underlying 
operating system of an affected device that is 

r inning in multi-instance mode. This vulnerability is 
Ue {6 insufficient validation of user-supplied 
command arguments. An attacker could exploit this 
vulnerability by submitting crafted input to the 
affected command. A successful exploit could allow 
the attacker to execute commands on the 


underlying operating system with root privileges. 


Multiple Cisco products are affected by a 
vulnerability in the Snort detection engine that could 
allow an unauthenticated, remote attacker to 
bypass a configured file policy for HTTP. The 
vulnerability is due to incorrect handling of specific 
HTTP header parameters. An attacker could exploit 
this vulnerability by sending crafted HTTP packets 
through an affected device. A successful exploit 
could allow the attacker to bypass a configured file 
policy for HTTP packets and deliver a malicious 
payload. 


CKEditor 5 provides a WYSIWYG editing solution. 


This CVE affects the following npm packages: 
ckeditor5-engine, ckeditor5-font, ckeditor5-image, 
ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5- 
media-embed, ckeditor5-paste-from-office, and 
ckeditor5-widget. Following an internal audit, a 
regular expression denial of service (ReDoS) 
Vulnerability has been discovered in multiple 
CKEditor 5 packages. The vulnerability allowed to 
abuse particular regular expressions, which could 
cause a significant performance drop resulting in a 
browser tab freeze. It affects all users using the 
CKEditor 5 packages listed above at version <= 
26.0.0. The problem has been recognized and 
patched. The fix will be available in version 27.0.0. 


There is a denial of service vulnerability in some 


versions of CloudEngine 5800, CloudEngine 6800, 
CloudEngine 7800 and CloudEngine 12800. The 
affected product cannot deal with some messages 
because of module design weakness . Attackers 
can exploit this vulnerability by sending a large 
amount of specific messages to cause denial of 
service. This can compromise normal service. 


There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.








2021-04-29


2021-04-29


2021-04-29


2021-04-28


2021-04-28


CVE-2021- 
cncf -- cortex


cncsoft-b -- cncsoft-b 





The Alertmanager in CNCF Cortex before 1.8.1 has 
a local file disclosure vulnerability when
-experimental.alertmanager.enable-api is used. The
HTTP basic auth password_file can be used as an 
attack vector to send any file content via a 
webhook. The alertmanager templates can be used 
as an attack vector to send any file content 
because the alertmanager can load any text file 
specified in the templates list. 


CNCSoft-B Versions 1.0.0.3 and prior are vulnerable
to an out-of-bounds read, which may allow an
attacker to execute arbitrary code.


2021-04-30


2021-04-27








composer -- composer 


cpanel -- cpanel 


cubecoders -- application_deployment_service














Composer is a dependency manager for PHP. 
URLs for Mercurial repositories in the root 
composer.json and package source download 
URLs are not sanitized correctly. Specifically 
crafted URL values allow code to be executed in 
the HgDriver if hg/Mercurial is installed on the 
system. The impact to Composer users directly is 
limited as the composer.json file is typically under 
their own control and source download URLs can 
only be supplied by third party Composer 
repositories they explicitly trust to download and 
execute source code from, e.g. Composer plugins. 
The main impact is to services passing user input 
to Composer, including Packagist.org and Private 
Packagist. This allowed users to trigger remote 
code execution. The vulnerability has been patched 
on Packagist.org and Private Packagist within 12h 
of receiving the initial vulnerability report and based 
on a review of logs, to the best of our knowledge, 
was not abused by anyone. Other services/tools 
using VcsRepository/VcsDriver or derivatives may 
also be vulnerable and should upgrade their 
composer/composer dependency immediately. 
Versions 1.10.22 and 2.0.13 include patches for 
this issue. 


cPanel before 94.0.3 allows self-XSS via 
EasyApache 4 Save Profile (SEC-581). 


AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).










2021-04-27


2021-04-26


2021-04-30


not yet calculated


not yet calculated











CVE-2021- 
1803 
ISC 
cumulative-distribution-function -- cumulative-distribution-function


cumulative-distribution-function is an open source npm library which calculates the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infinite loop. In the case of a nodejs server app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite loop was discovered in the code for evaluating the cumulative distribution function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative distribution function is evaluated for a given point when the input data is string data rather than type `number`. This vulnerability enables an infinite-cpu-loop denial-of-service attack on any app using npm:cumulative-distribution-function v1.0.3 or earlier if the attacker can supply malformed data to the library. The vulnerability could also manifest if a data source to be analyzed changes data type from Arrays of number (proper) to Arrays of string (invalid, but undetected by earlier versions of the library). Users should upgrade to at least v2.0.0, or the latest version. Tests for several types of invalid data have been created, and version 2.0.0 has been tested to reject this invalid data by throwing a `TypeError()` instead of processing it. Developers using this library may wish to adjust their app's code slightly to better tolerate or handle this TypeError. Apps performing proper numeric data validation before sending data to this library should be mostly unaffected by this patch. The vulnerability can be mitigated in older versions by ensuring that only finite numeric data of type `Array[number]` or `number` is passed to `cumulative-distribution-function` and its `f(x)` function, respectively.


2021-04-30








cygwin -- cygwin 





Cygwin Git is a patch set for the git command line 
tool for the cygwin environment. A specially crafted 
repository that contains symbolic links as well as 
files with backslash characters in the file name may 
cause just-checked out code to be executed while 
checking out a repository using Git on Cygwin. The 
problem will be patched in the Cygwin Git v2.31.1-2 
release. At time of writing, the vulnerability is 
present in the upstream Git source code; any 
Cygwin user who compiles Git for themselves from 
upstream sources should manually apply a patch to 
mitigate the vulnerability. As mitigation users should 
not clone or pull from repositories from untrusted 
sources. CVE-2019-1354 was an equivalent 
vulnerability in Git for Visual Studio. 











2021-04-29
d-link -- dap-1880ac_firmware





d-link -- dap-1880ac_firmware





DAP-1880AC firmware version 1.21 and earlier 
allows a remote authenticated attacker to execute 
arbitrary OS commands by sending a specially 
crafted request to a specific CGI program. 


Improper access control vulnerability in DAP- 
1880AC firmware version 1.21 and earlier allows a 
remote authenticated attacker to bypass access 
restriction and to start a telnet service via 
unspecified vectors. 


Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.


2021-04-26


2021-04-26


2021-04-26





d-link -- dap-1880ac_firmware





dell -- emc_idrac9 








dell -- emc_idrac9 


Missing authentication for critical function in DAP- 
1880AC firmware version 1.21 and earlier allows a 
remote attacker to login to the device as an 
authenticated user without the access privilege via 
unspecified vectors. 


Dell EMC iDRAC9 versions prior to 4.40.00.00
contain a Time-of-check Time-of-use (TOCTOU)
race condition vulnerability. A remote authenticated 
attacker could potentially exploit this vulnerability to 
gain elevated privileges when a user with higher 
privileges is simultaneously accessing iDRAC 
through the web interface. 


Dell EMC iDRAC9 versions prior to 4.40.00.00
contain multiple stored cross-site scripting
vulnerabilities. A remote authenticated malicious 
user with high privileges could potentially exploit 
these vulnerabilities to store malicious HTML or 
JavaScript code through multiple affected 
parameters. When victim users access the 
submitted data through their browsers, the 
malicious code gets executed by the web browser 
in the context of the vulnerable application. 


2021-04-26


2021-04-30


2021-04-30








dell -- emc_idrac9 





Dell EMC iDRAC9 versions prior to 4.40.00.00 
contain an improper authentication vulnerability. A 
remote authenticated malicious user with high 
privileges could potentially exploit this vulnerability 
to manipulate the username field under the 
comment section and set the value to any user. 


Dell EMC iDRAC9 versions prior to 4.40.00.00
contain a DOM-based cross-site scripting
vulnerability. A remote unauthenticated attacker 
could potentially exploit this vulnerability by tricking 
a victim application user to supply malicious HTML 
or JavaScript code to DOM environment in the 
browser. The malicious code is then executed by 
the web browser in the context of the vulnerable 
web application. 


2021-04-30


2021-04-30

















Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting an arbitrarily large payload.










2021-04-30
dell -- emc_idrac9


Dell EMC iDRAC9 versions prior to 4.40.10.00 
contain multiple stored cross-site scripting 
vulnerabilities. A remote authenticated malicious 
user with high privileges could potentially exploit 
these vulnerabilities to store malicious HTML or 
JavaScript code through multiple affected while 
generating a certificate. When victim users access 
the submitted data through their browsers, the 
malicious code gets executed by the web browser 
in the context of the vulnerable application. 


2021-04-30


not yet calculated


CVE-2021- 


1542 


ISC 








dell -- emc_networking_x-series





dell -- emc_unity 





Dell EMC Networking X-Series firmware versions 
prior to 3.0.1.8 and Dell EMC PowerEdge VRTX 
Switch Module firmware versions prior to 2.0.0.82 
contain a Weak Password Encryption Vulnerability. 
A remote unauthenticated attacker could potentially 
exploit this vulnerability, leading to the disclosure of 
certain user credentials. The attacker may be able 
to use the exposed credentials to access the 
vulnerable system with privileges of the 
compromised account. 


Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.


2021-04-30


2021-04-30





CVE-2021- 





dell -- hybrid_client 











Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.


2021-04-


Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.


Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.


Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.


dell -- openmanage_enterprise-modular


Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.


2021-04-30


dell -- unisphere


delta -- industrial_automation





django -- django








Dell Unisphere for PowerMax versions prior to 
9.2.1.6 contain an Authorization Bypass 
Vulnerability. A local authenticated malicious user 
with monitor role may exploit this vulnerability to 
perform unauthorized actions. 


Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.


django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from malicious input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.


2021-04-30


2021-04-27


2021-04-29





CVE-2021- 








dreamforver -- simple_ghc





SQL injection in the getip function in 


remote attackers to inject arbitrary SQL commands 
via the X-Forwarded-For header to 
admin/product_add.php. 


The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.


2021-04-29


2021-04-25





CVE-2021- 








edimax -- wireless_network_camera











The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.


2021-04-


edimax -- wireless_network_camera


The manage users profile service of the network camera device allows an authenticated remote attacker to modify URL parameters and further amend user information and escalate privileges to control the devices.


2021-04-28


edimax -- wireless_network_camera


The sensitive information of the webcam device is not properly protected. Remote attackers can obtain the administrator's credentials without authentication and further control the devices.


2021-04-28


emlog -- emlog


Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.


2021-04-29


not yet calculated


ISC
emmanuel -- mydomoathome


Emmanuel MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request, to gain access to sensitive information.


2021-04-29


not yet calculated


CVE-2020-21990
EXPLOIT-DB
MISC








etherpad -- etherpad 





etherpad -- etherpad 


Etherpad < 1.8.3 is affected by a missing lock 
check which could cause a denial of service. 
Aggressively targeting random pad import 
endpoints with empty data would flatten all pads 
due to lack of rate limiting and missing ownership 
check. 


In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.


2021-04-28


2021-04-28





etherpad -- etherpad 


etherpad -- etherpad 


etherpad -- etherpad 





exiv2 -- exiv2 











Etherpad < 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.


In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).


Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of a binary file to the import endpoint would crash the instance.


Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files (Exif, IPTC, XMP and ICC). An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security.













2021-04-28


2021-04-28


2021-04-28


2021-04-26














CVE-2020- 
2182 
CONFIRM 





Vulnerability Summary for the Week of April 26, 2021 










exiv2 -- exiv2 





exiv2 -- exiv2 








exiv2 -- exiv2 


Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.


Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.


Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.


2021-04-30


2021-04-23


2021-04-30








filterediterator -- filterediterator





fluidsynth -- fluidsynth





Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.


fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.










2021-04-27


2021-04-29
fme -- server





Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs.


2021-04-28








foxit -- studio_photo 








foxit -- studio_photo


Unauthenticated Stored XSS in FME Server 
versions 2019.2 and 2020.0 Beta allows a remote 
attacker to gain admin privileges by injecting 
arbitrary web script or HTML via the login page. 
The XSS is executed when an administrator 
accesses the logs. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Studio Photo 3.6.6.931. User interaction is 
required to exploit this vulnerability in that the target 
must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of JPM 
files. The issue results from the lack of proper 
validation of user-supplied data, which can result in 
a write past the end of an allocated structure. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was 
ZDI-CAN-12377. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Studio Photo 3.6.6.931. User interaction is 
required to exploit this vulnerability in that the target 
must visit a malicious page or open a malicious file. 
The specific flaw exists within the handling of PSP 
files. The issue results from the lack of proper 
validation of the length of user-supplied data prior 
to copying it to a fixed-length stack-based buffer. 
An attacker can leverage this vulnerability to 
execute code in the context of the current process. 
Was ZDI-CAN-12443. 


2021-04-28


2021-04-29


2021-04-29








foxit -- studio_photo 











This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Studio Photo 3.6.6.931. User interaction is 
required to exploit this vulnerability in that the target 
must visit a malicious page or open a malicious file. 
The specific flaw exists within the handling of SGI 
files. The issue results from the lack of proper 
validation of the length of user-supplied data prior 
to copying it to a heap-based buffer. An attacker 
can leverage this vulnerability to execute code in 
the context of the current process. Was ZDI-CAN- 
12376. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Studio Photo 3.6.6.931. User interaction is 
required to exploit this vulnerability in that the target 
must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of CMP 
files. The issue results from the lack of proper 
initialization of memory prior to accessing it. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was
ZDI-CAN-12331.










2021-04-29


2021-04-29
foxit -- studio_photo


foxit -- studio_photo





freeipa -- freeipa 








This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Studio Photo 3.6.6.931. User interaction is 
required to exploit this vulnerability in that the target 
must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of ARW 
files. The issue results from the lack of proper 
validation of user-supplied data, which can result in 
a write past the end of an allocated data structure. 
An attacker can leverage this vulnerability to 
execute code in the context of the current process. 
Was ZDI-CAN-12333. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Studio Photo 3.6.6.931. User interaction is 
required to exploit this vulnerability in that the target 
must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of JP2 
files. The issue results from the lack of proper 
validation of user-supplied data, which can result in 
a write past the end of an allocated structure. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was 
ZDI-CAN-12384. 


A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by a flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.


2021-04-29


2021-04-29


2021-04-26








CVE-2021- 








galaxyclient -- galaxyclient 


gestsup -- gestsup 














GalaxyClient version 2.0.28.9 loads unsigned DLLs 
such as zlib1.dll, libgcc_s_dw2-1.dll and 
libwinpthread-1.dll from PATH, which allows an 
attacker to potentially run code locally through 
unsigned DLL loading. 


Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php: it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqid function), allowing a brute force attack.










2021-04-30


2021-04-26
ghost -- ghost


Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running a Ghost version between 4.0.0 and 4.3.2. Immediate action should be taken to secure your site. The issue has been fixed in 4.3.3; all 4.x sites should upgrade as soon as possible. As the endpoint is unused, the patch simply removes it. As a workaround, blocking access to /ghost/preview can also mitigate the issue.


2021-04-29








gitee -- gitee 


Directory Traversal in the fileDownload function in 
com/java2nb/common/controller/FileController.java 


read arbitrary files via the filePath parameter. 


2021-04-29








gnu -- wget 


GNU Wget through 1.21.1 does not omit the 
Authorization header upon a redirect to a different 
origin, a related issue to CVE-2018-1000007. 


2021-04-29








google -- android 





GAEN (aka Google/Apple Exposure Notifications) 
through 2021-04-27 on Android allows attackers to 
obtain sensitive information, such as a user's 
location history, in-person social graph, and 
(sometimes) COVID-19 infection status, because 
Rolling Proximity Identifiers and MAC addresses 
are written to the Android system log, and many 
Android devices have applications (preinstalled by 
the hardware manufacturer or network operator) 
that read system log data and send it to third 
parties. NOTE: a news outlet (The Markup) states 
that they received a vendor response indicating that 
fix deployment "began several weeks ago and will 
be complete in the coming days." 


2021-04-28





google -- chrome 
google -- chrome 





google -- chrome 





Incorrect security UI in downloads in Google 
Chrome on Android prior to 90.0.4430.93 allowed a 
remote attacker to perform domain spoofing via a 
crafted HTML page. 


Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.


Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.











2021-04-30


2021-04-30


2021-04-30



























The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.


2021-04-30


graphviz -- graph_visualization_tools


guix-daemon -- guix-


Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.


A security vulnerability that can lead to local privilege escalation has been found in 'guix-daemon'. It affects multi-user setups in which 'guix-daemon' runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with 'guix build', that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.


2021-04-29


2021-04-26








gurunavi -- gurunavi 
&#XAD; 


hame -- sd1_wifi_firmware 
&#XAD; 


hardware_sentry -- km 
&#XAO; 


hdrblobnit -- hdrblobnit 
&#xAO; 

















Improper access control vulnerability in Gurunavi 
App for Android ver.10.0.10 and earlier and for iOS 
ver.11.1.2 and earlier allows a remote attacker to 
lead a user to access an arbitrary website via the 
vulnerable App. 


An access control vulnerability in Hame SD1 Wi-Fi 


firmware <=V.20140224154640 allows an attacker 
to get system administrator through an open Telnet 
service. 


In Hardware Sentry KM before 10.0.01 for BMC 


PATROL, a cleartext password may be discovered 
after a failure or timeout of a command. 


A flaw was found in RPM's hdrblobinit() in 
lib/header.c. This flaw allows an attacker who can 
modify the rpmdb to cause an out-of-bounds read. 
The highest threat from this vulnerability is to 





system availability. 


https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d768a5 








2021-04- 
26 


2021-04- 
26 


2021-04- 
23 


2021-04- 
30 
hedgedoc -- hedgedoc
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, this exploit requires the attacker's ability to modify a note. This will affect all instances which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with `CMD_ALLOW_PDF_EXPORT=false` or setting `"allowPDFExport": false` in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn't actually render the `file:///` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc `config.json` file as well as any other files on the filesystem. Even though the suggested Docker deploy option doesn't have many interesting files itself, the `config.json` still often contains sensitive information, database credentials, and maybe OAuth secrets among other things.
Published: 2021-04-26

hedgedoc -- hedgedoc
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL, e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due to the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to the findNote() utility function, that will pass it on to the parseNoteId()-function, that tries to make sense out of the noteId/alias and checks if a note already exists and, if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which passes this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow-up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observe changes to them. The usefulness of this attack can be considered limited, since mainly markdown files use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path.
Published: 2021-04-26 | CVSS: not yet calculated
homeautomation -- homeautomation
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.
Published: 2021-04-27

homeautomation -- homeautomation
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.' by using an unsanitized PHP exec() function.
Published: 2021-04-27

homeautomation -- homeautomation
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
Published: 2021-04-27 | Source: EXPLOIT-DB, MISC
homeautomation -- homeautomation
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Published: 2021-04-27

homeautomation -- homeautomation
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Published: 2021-04-27

hot_pepper -- gourmet_app
Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Published: 2021-04-27

huawei -- multiple_smart_phones
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include: HUAWEI P30 versions 10.0.0.186(C10E7R5P71), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1F3), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1F3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
Published: 2021-04-28

huawei -- multiple_smart_phones
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.
Published: 2021-04-28

huawei -- multiple_smart_phones
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
Published: 2021-04-28
ibm -- content_navigator
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168.
Published: 2021-04-27

ibm -- content_navigator
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167.
Published: 2021-04-27

ibm -- content_navigator
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624.
Published: 2021-04-27

ibm -- spectrum_scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
Published: 2021-04-27

ibm -- spectrum_scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.
Published: 2021-04-27

ibm -- spectrum_scale
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.
Published: 2021-04-27
icms -- icms
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
Published: 2021-04-30 | CVSS: not yet calculated | Source: CVE-2020-18070 (MISC)

inim -- electronics_smartliving_sma
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through the web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
Published: 2021-04-29

inim -- electronics_smartliving_sma
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Published: 2021-04-29
inim -- electronics_smartliving_sma
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.
Published: 2021-04-29

jansson -- jansson
** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.
Published: 2021-04-26

jeesns -- jeesns
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".

key_recovery_authority -- key_recovery_authority
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
Published: 2021-04-30 | CVSS: not yet calculated

klibc -- klibc
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
Published: 2021-04-30

klibc -- klibc
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
Published: 2021-04-30

klibc -- klibc
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

klibc -- klibc
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.
Published: 2021-04-30
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests to Kirby's API with the permissions of the victim. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. Visitors without Panel access can only use this attack vector if your site allows SVG file uploads in frontend forms and you don't already sanitize uploaded SVG files. The problem has been patched in Kirby 3.5.4. Please update to this or a later version to fix the vulnerability. Frontend upload forms need to be patched separately depending on how they store the uploaded file(s). If you use `File::create()`, you are protected by updating to 3.5.4+. As a workaround you can disable the upload of SVG files in your file blueprints.
Published: 2021-04-27

lenovo -- pcmanager
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.
Published: 2021-04-27 | CVSS: not yet calculated

lenovo -- pcmanager
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.
Published: 2021-04-27 | CVSS: not yet calculated

leocad -- leocad
LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document.
Published: 2021-04-26

libezxml -- ezxml
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
Published: 2021-04-24

libimage-exiftool-perl -- libimage-exiftool-perl
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
Published: 2021-04-23

lilin -- ip_camera_device
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command injection attack and execute arbitrary commands after logging in with the privileged permission.
Published: 2021-04-28

lilin -- webcam_device
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user's credential.
Published: 2021-04-28
linux -- linux_kernel
The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.
Published: 2021-04-24

live555 -- streaming_media
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession OnDemandServerMediaSubsession subclasses in Live Networks LIVE555 Streaming Media before 2021.3.16.
Published: 2021-04-29

managewiki -- managewiki
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2Baf 8icdle If you are unable to patch, set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
CVSS: not yet calculated

md4c.c -- md4c.c
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
Published: 2021-04-29

media2click -- media2click
The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.
CVSS: not yet calculated | Source: MISC

mercury -- mercury
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited the device will not be able to access the webserver unless the listen_http_lan parameter in uhttpd.json is manually fixed.
Published: 2021-04-29

mercury -- mercury
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
Published: 2021-04-29

meshery -- meshery
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
Published: 2021-04-28

micro_focus -- application_performance_management
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
Published: 2021-04-28

minicms -- minicms
Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
Published: 2021-04-28
minthcm -- release
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
Published: 2021-04-26

misp -- misp
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
Published: 2021-04-23

mongodb -- mongodb
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.
Published: 2021-04-30 | CVSS: not yet calculated

nacos -- nacos
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).
Published: 2021-04-27

nacos -- nacos
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.
Published: 2021-04-27

nec -- aterm_devices
NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
Published: 2021-04-26

nec -- aterm_devices
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
Published: 2021-04-26
nec -- aterm_devices
Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions, Aterm WG1200HP firmware all versions, Aterm WF800HP firmware all versions, Aterm WF300HP2 firmware all versions, Aterm WR8165N firmware all versions, Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-04-26

nec -- aterm_devices
Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function.
Published: 2021-04-26

netgear -- r7000_devices
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.
Published: 2021-04-26

npupnp -- npupnp
The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.
Published: 2021-04-25

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Published: 2021-04-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
Published: 2021-04-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Published: 2021-04-29
nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
Published: 2021-04-29 | CVSS: not yet calculated | Source: CVE-2021-1083 (CONFIRM)

nvidia -- virtual_gpu_manager
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Published: 2021-04-29 | CVSS: not yet calculated | Source: CVE-2021-1087 (CONFIRM)

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Published: 2021-04-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Published: 2021-04-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Published: 2021-04-29

open_design_alliance -- sdk
An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all platforms supported by ODA in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.
Published: 2021-04-26 | CVSS: not yet calculated

openapi -- generator
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
Published: 2021-04-27

openvpn -- openvpn
OpenVPN 2.5.1 and earlier versions allow a remote attacker to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Published: 2021-04-26
oracle -- vm_virtualbox (published 2021-04-28)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is prior to 6.1.20. Easily exploitable vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

orangehrm -- orangehrm (published 2021-04-26)
OrangeHRM 4.7 allows an unauthenticated user to enumerate valid usernames and email addresses via the forgot-password function.

ox -- app_suite (published 2021-04-30)
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.

ox -- app_suite (published 2021-04-30)
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.

ox -- app_suite (published 2021-04-30)
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.

ox -- guard (published 2021-04-30)
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12528.








parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12221.
parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12220.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13190.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12848.
parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13186.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13187.








parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13189.
parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131.
parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13188.

parallels -- desktop (published 2021-04-29)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136.








pdfresurrect -- pdfresurrect (published 2021-04-28)
A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.











pega -- infinity (published 2021-04-29; CVSS not yet calculated)
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.











pgsync -- pgsync (published 2021-04-27)
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

phpfusion -- phpfusion (published 2021-04-29)
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML

phpmailer -- phpmailer (published 2021-04-28)
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.








phpshe -- mall_system
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
piwigo -- piwigo (published 2021-04-26)
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.

postcss -- postcss (published 2021-04-26)
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

prisma -- prisma (published 2021-04-29)
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI; no malicious code was found after checking our codebase.

prisma -- vs_code (published 2021-04-29)
Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for "prismaFmtBinPath", that custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the '.vscode/settings.json' file or check if the binary is malicious and delete it.

pritunl -- client (published 2021-04-30)
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.

qibosoft -- qibocms (published 2021-04-28)
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor.1.1\kindeditor.js" component.

react-draft-wysiwyg -- react-draft-wysiwyg (published 2021-04-24)
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.








redmine -- redmine
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
redmine -- redmine (published 2021-04-28)
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.

redmine -- redmine (published 2021-04-28)
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

redmine -- redmine
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

rukovoditel -- rukovoditel (published 2021-04-29)
Cross-Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials.

russellhaering -- gosaml2 (published 2021-04-30)
This affects all versions of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

rust -- rkyv (published 2021-04-30)
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

safe-flat -- safe-flat (published 2021-04-26)
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

saltstack -- salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

samurai -- samurai (published 2021-04-29)
samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file.

samurai -- samurai
samurai 1.2 has a NULL pointer dereference in the printstatus() function in build.c via a crafted build file.

screenly -- screenly-ose
Cross Site Scripting vulnerability in Screenly screenly-ose all versions, including v1.8.2 (2019-09.25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.

shibboleth -- service_provider (published 2021-04-07)
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.

sipwise -- c5_ngcp
Sipwise C5 NGCP CSC through CE_m39.3.1 allows call/click2dial CSRF attacks for actions with administrative privileges.

sipwise -- c5_ngcp (published 2021-04-23)
Sipwise C5 NGCP CSC through CE_m39.3.1 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

smartwares -- home (published 2021-04-29)
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information, resulting in authentication bypass, session hijacking and full system control.

sonatype -- nexus_repository_manager (published 2021-04-27)
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

sonatype -- nexus_repository_manager (published 2021-04-28)
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.

sonatype -- nexus_repository_manager (published 2021-04-23)
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

sourcecodester -- budget_management_system (published 2021-04-28)
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable field 'Budget Title'.

sourcecodester -- equipment_inventory_system (published 2021-04-28)
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" section, such as Add Item, Employee and Position or others, in the Name parameters.

soyal_technology -- 701client (published 2021-04-27)
Soyal Technology 701Client 9.0.1 is vulnerable to insecure permissions via the client.exe binary, with the Authenticated Users group having Full permissions.

soyal_technology -- 701server (published 2021-04-27)
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary of their choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for the 'Everyone' and 'Authenticated Users' groups.
















5/3/2021 


Vulnerability Summary for the Week of April 26, 2021 










suitecrm -- suitecrm (published 2021-04-30)
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field.

susi -- ai_server (published 2021-04-30)
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.

symantec -- security_analytics_web (published 2021-04-27)
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior to 7.2.7, 8.1 prior to 8.1.3-NSR3, 8.2 prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.

synology -- antivirus_essential (published 2021-04-28)
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.

systeminformation -- systeminformation (published 2021-04-29)
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.








tyk-identity-broker -- tyk-identity-broker (published 2021-04-26)
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This is because the XML parser doesn't guarantee integrity in the XML round-trip (encoding/decoding XML data).

typo3 -- bootstrap_package (published 2021-04-27)
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package, which fix the problem described. Updated versions are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bogtstrap_pack

typo3 -- dynamic_content_element (published 2021-04-28)
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
unisys -- data_exchange_management_studio (published 2021-04-27)
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to an HTML field. This could be used for an XSS attack.

uniview -- uniview (published 2021-04-29)
An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload.

void -- aural_rec_monitor (published 2021-04-23)
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.

void -- aural_rec_monitor
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.

vtiger -- crm (published 2021-04-29; CVSS not yet calculated)
An issue was discovered in vtiger crm 7.2. Union SQL injection in the calendar exportdata feature.

WebAccess/SCADA (published 2021-04-26)
Incorrect permissions are set to default on the Project Management page of the WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator's password and log in as an administrator to escalate privileges on the system.

wems -- enterprise_manager (published 2021-04-28)
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in the context of an affected site.

wp -- fastest_cache (published 2021-04-27)
Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.

xinhu -- oa_system (published 2021-04-28)
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.

xorg-x11-server -- xorg-x11-server (published 2021-04-26)
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

xz -- xz (published 2021-04-28)
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library recently had the same issue and got CVE-2020-16845 allocated.

yii2_fecshop -- N/A (published 2021-04-29)
An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page.

yoast -- yoast_seo
The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.

yzmcms -- yzmcms (published 2021-04-30)
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.

zoho -- manageengine_eventlog_analyzer (published 2021-04-30)
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.